It’s easy to overlook app permissions. After all, you want something, and if there’s no tangible sacrifice attached to it, people don’t see the problem.
I do. I look after a few servers; security is something that’s always in or around my consciousness. The prime tenet of data security is to only give access to things that need it.
The Paypal app can, as it turns out, do a raft of things that include your peripheral hardware. Like magnetic stripe readers, scanning credit cards and OCRing cheques. I’ve still no idea why it needs SMS/MMS, calendar, location and app inspection access… So answers on a postcard.
That isn’t really the point. My first problem comes in that Paypal are normalising applications doing a permission land-grab at install time. Something that was installed to let me do lightweight management of my account (and get notifications) has mutated into this beast that wants permanent access to my physical life.
Now, you can probably trust Paypal; they’ve only been shown to be moderately evil in the past… But who is to say that will always be true. They could decide to monetise this access. Or they could get hacked. Or another app could manipulate it to escalate its own privileges. In any case the result is the same: it can track you, it can watch you, it can hear you and it can smuggle data off your phone without you ever realising. You’re installing the perfect tracking, wiretapping bug. Full story...
Related posts:
I do. I look after a few servers; security is something that’s always in or around my consciousness. The prime tenet of data security is to only give access to things that need it.
The Paypal app can, as it turns out, do a raft of things that include your peripheral hardware. Like magnetic stripe readers, scanning credit cards and OCRing cheques. I’ve still no idea why it needs SMS/MMS, calendar, location and app inspection access… So answers on a postcard.
That isn’t really the point. My first problem comes in that Paypal are normalising applications doing a permission land-grab at install time. Something that was installed to let me do lightweight management of my account (and get notifications) has mutated into this beast that wants permanent access to my physical life.
Now, you can probably trust Paypal; they’ve only been shown to be moderately evil in the past… But who is to say that will always be true. They could decide to monetise this access. Or they could get hacked. Or another app could manipulate it to escalate its own privileges. In any case the result is the same: it can track you, it can watch you, it can hear you and it can smuggle data off your phone without you ever realising. You’re installing the perfect tracking, wiretapping bug. Full story...
Related posts:
No comments:
Post a Comment